REST API Guide 
Application Password CheckIn and CheckOut 


1) Password CheckOut 
Syntax: POST /rest/cmdctrl/Request 


Example - JSON payload: 
{ 
"Request": { 
"type": "PasswordCheckout", 
"runHost": "BLR-AD-SRV1_ldap", 
"reason": "Need Active Directory access", 
"duration": 360, 
"emailid": "userl1@company.com" 
} 
} 


Mandatory parameters - type: Indicates the type of operation. The value has to be "PasswordCheckout". runHost: The application 
AccountDomain name to which the password checkout is requested. reason: Enter the reason for which the access is required. duration: 
Enter the duration required for the access. The value is in minutes, which ranges from 360 to 7days. 


Optional parameters- emailid: email ID of 
the requester. 


2) Password CheckIn 


Syntax: PUT /rest/cmdctrl/Request 
PUT /rest/cmdctrl/Request/{id} 


Example - JSON Payload: 


{ 
"Request": { 
“type”: “PasswordCheckin”, 
"id": "3ffc60f4-615a-4fb3-aae5-eafc3423056c", 
"comment" : "Done with my work, checking in.", 
"force": 1 
} 
} 


Mandatory parameters - type: Indicates the type of operation. The value has to be 
"PasswordCheckin". id: Request ID. 


Optional parameters - force: This option is available only for the administrator. Set it to 1 to forcefully check-in a user's password 
checkout request. comment: Password check-in comments. 


Emergency Access 


3) Emergency Access Request 
Syntax: POST /rest/cmdctrl/Request 


Example - JSON payload: 
{ 
"Request": { 
"type": "EmergencyRequest", 
"accessas": 1, 
"runhost": "4.3.2.1", 
"target": "DB ORACLE PASSWORD", 
"reason": "Need immediate access to Oracle DB", 
"emailid": "userl1@company.com", 


"requestperiod": 720, 
“force”:1 
} 
} 


Mandatory parameters - type: Indicates the type of operation. The value has to be 

"EmergencyRequest". 

accessas: Indicates the privileges required for accessing the system. To access the system, the values for normal user and super user are 0 and 
non-zero respectively. runhost: The application AccountDomain name to which the Emergency Access is requested. 

target: The type of target server. The valid values are RDP_DIRECT, RDP, SSH, pcksh, DB _ORACLE_PASSWORD, DB_ORACLE_ACCESS, 
DB_MSSQL_ACCESS, DB_MSSQL_PASSWORD, APPL_<subtype>. reason: Enter the reason for which the access is required. requestperiod: 
Enter the duration required for the access. The value is in minutes, which ranges from 360 to 7days. 


Optional parameters - emailid: Email ID of 
the requester. 


4) Modify Emergency Access request 


Syntax: PUT /rest/cmdctrl/Request PUT 
/rest/cmdctrl/Request/{id} 


2a) Example - JSON payload to 'approve' user request 
Admin approves Emergency Access request 
{ 
"Request": { 
"id": "2070460c-aa83-4b5a-97c0-6141cc16a6ee", 
"type": "EmergencyRequest", 
"action": "approve", 
"comment": "You are granted access to the ldap server.", 
"runas": "-", 
"runhost": "DOM-APP_LDAP-1", 
“target”:” APPL_LDAP” 
"requestperiod": 720, 
“credential”:” 94ced4ce-94cc-47e6-8828-8809fc3b45bd” 
} 
} 


Mandatory parameters: id: Request ID. action: The value has to be "approve". type: Indicates the type 
of operation. The value has to be "EmergencyRequest". requestperiod: Duration up to which the 
access has to be granted. 
runhost: Server to which access is being granted. runas: Account ID to 
whom the access is granted. 
target: Type of the target server. The valid values are RDP_DIRECT, RDP, SSH, pcksh, DB_ORACLE_PASSWORD, DB_ORACLE_ACCESS, 
DB_MSSQL_ACCESS, DB_MSSQL_PASSWORD, APPL_<subtype>. credential: These are the values for the following type of request: 
. RDP , RDP_DIRECT & SSH - valid credential ID. 
. DB_MSSQL_PASSWORD, DB_ORACLE_PASSWORD & APPL_<subtype> - “Run User@Run Host” 
. DB_ORACLE_ACCESS, DB_MSSQL_ACCESS & pcksh — “null” 


Optional parameters: 
comment: Enter the approval comments. 


2b) Example - JSON payload to 'deny' or 'revoke' user request: 
Admin approves Emergency Access request 


{ 
"Request": { 
"id": "2070460c-aa83-4b5a-97c0-6141cc16a6ee", 
"type": "EmergencyRequest", 
"action": "deny", 
"comment": "You are not authorized to access." 
} 
} 


Mandatory parameters: id: Request ID. action: The value can be "deny" or "revoke". type: Indicates 
the type of operation. The value has to be "EmergencyRequest". 


Optional parameters: 
comment: Enter the access request denial comments. 


5) View the Requests 


Syntax: GET /rest/cmdctrl/Requests 
GET /rest/cmdctrl/Requests/{request_id} 


Optional Parameters: 
{request_id}: Get the details of the request having the ID {request_ID}. Example: "ead4248b-96b2-4022-aca9fdd3c596952f" 
All: Get the requests of all the users. Administrator only option. 
queryrequest: Type of request. Valid values are 1 for emergency access and 2 for password checkout. limit : Query result limit. 
Default value is 50. status: The following are the valid status values: 
1 - Emergency Access request in Pending state. 
2 - Emergency Access request in Approved or Expired state. 
3 - Emergency Access request that was denied by the admin. 
4 - Emergency Access request that was revoked by the admin. 
5 - Password checkout requests. 
6 - Password checkout requests that were auto checked-in by PAM system, since the requested time had expired. 
7 - Password checked in by a user. 8 - Password checked in which had failed. delegate: Password check-in delegation states. The valid values 
are 0 for non-delegated, 1 for Check-in 
(delegated), 2 — Check-in (complete) 
RequestTime : All request less than or equal to the passed value. The value is in epoch time. Example: 1448475051 


6) Delete Emergency Access Request 


Syntax: DELETE /rest/cmdctrl/Request/{request_id} 


{request_id}: Request ID to be deleted. Example: "ead4248b-96b2-4022-aca9-fdd3c596952f". 


Enterprise Credential Vault 


7) Get Vaults Using Type 
Syntax: GET /rest/prvcrdvlt/Vaults/<type> 


Mandatory paramters: 
type - Type of Account Domain. The values can be 'ssh’, 'Idap', ‘database’, ‘application’, 'key’, or 'sso' 


Sample curl command: 
curl --insecure -X GET -b 


"pum_rest_auth=eJzj8ExJzSvJLKlkyOd0LC3JCMnPTs1jKGbJS8xNZU1Myc3My+TIzEtMLsksS92e4slWUlySmFvQ2r/km1Uxd1Fqbn5JanxG 
fnEJQzFnQWpqEZjNmlSUmZydyBKUnS5MKNKoISDFqMaDwIUYzACONzkzPSywpLUplqGluzkxvZJi98A Dr9wn7r2UEffVyV 2rZnfZOgGN 
q3Mmrt1ZfebnzgZB57mPmeNOoJtWN YhzRPRY Wz3VPJXnvPdlwOKjfNPf93Zas VTWPDvRu0Kzpd+4VLFzZx+B28t3i5G8fP8g26OhdiOue 
3ZKeej+sPtb9tKj2rvDQ+6vtBH6ZSI1+S3fU0fFafxxf9riqmzBSRTS|pe8Pd/jZ9yZhw02rK/ZgnMuY 3GBgAozN/xA==" -H "Cache-Control: no- 
cache" -H "Content-Type:application/json" https://164.99.162.101/rest/prvcrdvlt/Vaults/ssh 


8) Get Vaults Using ID 
Syntax: GET /rest/prvcrdvlt/Vaults/<id> 


Mandatory paramters: 
id - id of the vault 


Sample curl command: 
curl --insecure -X GET -u admin:novell123 -H "Cache-Control: no-cache" -H "Content-Type:application/json" 


https://164.99.162.101/rest/prvcrdvlt/Vault/39031fa3-b647-46f2-b0ad-76c288228a6d 
9) List all the Credentials of a Vault Using the Vault ID 


Syntax: GET /rest/prvcrdvlt/Credentials/<vault_id> 


Mandatory Parameters: 
vault_id - All credentials of the Vault with id, vault_id is returned 


Sample curl command: 
curl --insecure -X GET -b 


"pum_rest_auth=eJzj8ExJzSvJLKlkyOd0LC3JCMnPTs1jKGbJS8xNZU1Myc3My+TIzEtMLsksS+3j8GQrKS5JzC1oPfbor0Exd1Fqbn5JanxGf 
nEJQzFnQWpgEZgtnl1 QlUiVWpyhISRTpJeX X5aak60 XnJ+ byBK UnSMKNLwISDFqMaDwIZYxAJORnJmel1hSWpTKUMVcnJneyKCfs0w/ 
YNWnk0+VX35rl8ws8dDW1z+UZR6oraHj XF9QIOnColINoPOV5dy6v YomdVaeBysbdncqV7WbTH5z40T XfymH6zY +XGlekSnifFMjvnrK5 
d/Jms4tLeB9vLj0u8efDzSjOSfq+dVXRNyPq6hyzTXxyeu6lis8sf1GRtONn0rm1hiY TqsgyU0TOFq7mWcHgaeDxZ6bzstvnz8hf79 VhYAA Aau 
OAxA==" -H "Cache-Control: no-cache" -H "Content-Type:application/json" https://164.99.162.101/rest/prvcrdvlt/Credentials/39031fa3-b647- 
46f2-b0ad-76c288228a6d 


10) Get Credential by id 
Syntax: GET /rest/prvcrdvlt/Credential/<id> 


Mandatory parameter: 
id - id of the credential 


Sample curl command: 
curl --insecure -X GET -b 


"pum_rest_auth=eJzj8ExJzSvJLKlkyOd0LC3JCMnPTs1jK GbJS8xNZU1Myc3My+TIzEtMLsksS+3j8GQrKS5JzC1oPfbor0Exd1Fqbn5JanxGf 
nEJQzFnQWpgEZgtnl1 QliVWpyhISRTpJeX X5aak60 XnJ+ byBK UnSMKNLwISDFqMaDwIZYxAJORnJmel1hSWpTKUMVcnJneyKCfs0w/ 
YNWnk0+VX35rl8ws8dDW1z+UZR6oraHj XF9QIOnColNoPOV5dy6v YomdVaeBysbdncqV7WbTH5z40T XfymH6zY +XGlekSnifFMjvnrK5 
d/Jms4tLeB9vLj0u8efDzSjOSfq+dVXRNyPq6hyzTXxyeu6lis8sf1GRtONn0rm1hiY TqsgyU0TOFq7mWcHgaeDxZ6bzstvnz8hf79 VhYAA Aau 
OAxA==" -H "Cache-Control: no-cache" -H "Content-Type:application/json" https://164.99.162.101/rest/prvcrdvlt/Credential/bf40307d-284d- 
4832-b905-397498b63f91 


11) Add or Modify Vault 


Syntax: PUT /rest/prvcrdvlt/Vault 
PUT /rest/prvcrdvlt/Vault/<id> 


Mandatory parameters: 
type - type of vault, ssh, ldap, database, application, key, sso 


profile - Applicable to ldap type domain. Value can be either 1 or 2. 1 means Active Directory, 2 means eDirectory. 
Subtype - sub type of the application or shared key type vault. The vault name followed by '_<subtype>', 
example: dom-server_sap 
Script - Applicable to application type only. The script that is used for password reset during password checkin process. 
ConnectString - Applicable to database type vault only. The connect string to the database. 
ConnectAs - Applicable to database type vault only. Value can be either 1 or 1. Connect as DB admin or as normal user respectively. 


Optional parameters: 
profile - 
cred - id of the default credential of the Vault 
id - id of the vault that is to be modified. The id could be set in the payload 
as well for modify operation. When no id is passed, it would be add operation. 
host - DNS name or the IP address of the Vault. This is not applicable to key type domain. 
port - port number of the service. 
PasswdPolicyld - Applicable to database and application types only. Set the id of the 
password policy that is to be used for password checkin requests. 
secure - Applicable to application type only. Set whether the connection to the server is 
on secure channel or not. Value can be either 0 or 1. 
ScriptArgs - key/value pairs of arguments to the script of password checkin or these can be 
details about the Vault. 
multiuser - Applicable to shared key type vault only. The value can be either 0 or 1. 
Determines whether the keys created within the key vault are of type multiuser or not. 
If multiuser then an integer value can be set on the keys created under it which 
determines how many can use the a key at the same time. 
delegate - Applicable to database and application types. Value can be either 0 or 1. Determines 
if the password checkin should be delegated to Identity Manager. 


Sample curl command: Add ssh type Vault 
curl --insecure -X PUT -b 


"pum_rest_auth=eJzj8ExJzSvJLKIkyOd0LC3JCMnPTs1jK GbJS8xNZU1Myc3My+TIzEtMLsksS+3j8GQrK$5JzC1oPfbor0Exd1Fqbn5JanxGf 
nEJQzFnQWpqEZgtnl1 QUiVWpyhlSRTpJeX X5aak6OXnJ+byBKUnSMKNLwISDFqMaDwIZYxAJORnJmel1hSWpTKUMVcnJneyKCfsOw/ 
YNWnk0+VX35r1 8ws8dDW1z+UZR6oraHjXF9QIOnColNoPOVSdy6v YomdVaeBy5bdncqV 7WbTH5z40TX fymH6zY +XGlekSnIfFMjvnrK5 
d/Jms4tLeB9vLj0u8efDzSjOSfq+dVXRNyPqGhyzTXxyeuGlis8sf1 GRtONn0rm1hiY TqsgyU0TOFq7mWcHgaeDxZ.6bzstvnz8hf79VhYAAAau 


OAxA==" -H Cache-Control: no-cache -H Content-Type:application/json —d 
‘{ 
"Vault": { 
"type": "ssh", 
"name": "DOM-SSH-Linux1", 
"CFG": { 
"SSH": { 
"port": "22", 
"host": "192.168.1.200" 
} 
}, 
"ACL": { 
"Role": { 
} 
} 


} 
Y ‘https://164.99.162.101/rest/prvcrdvlt/Vault' 


Sample curl command: Modify ssh type Vault 
curl --insecure -X PUT -b 


"pum_rest_auth=eJzj8ExJzSvJLKlkyOd0LC3JCMnPTs1jKGbJS8xNZU 1Myc3My+TIzEtMLsksS+3j8GQrKS5JzC1oPfZ1B1sxd1Fqbn5JanxGf 
nEJQzFnQWpgEZgtkV1QpFtQmptS VpyTWmxoVFxgqFthZqJrmMgSlJ+TCjS9CEgxajGg8CG2MQDdEZyZnpdY UlqUyIDFXJyZ3sjAWn5+w 
ppVqRf01//7Wmnb9E32iuK28+v4 V 1d/yJ4r3hN7fb XhMZbJr6duW PmgQTegU9+TkWuGN9u0k55rDrm82 Ww91Utr4t+kippMHOhRuXhFIXGz 
mdmdt4WS2U/eXrRdZ6mbr7qpS!1Bm19PBXtXmVbRNWzTvYcm+x4JO3unx3nLyNk+6VrJO7 VsWUmSKit3A 1zwoGTwOPPz0d190+f0b+eq 
80AwMA/KuD6g==" -H Cache-Control: no-cache -H Content-Type:application/json -d '{ 
"Vault": { 
"CFG": { 
"SSH": { 
"port": "22", 
"host": "192.168.1.201" 
} 
} 


} 
Y ‘https://164.99.162.101/rest/prvcrdvlt/Vault/3cfdc4a1-9d85-49d9-bdbd-bea2c4ec8c3c' 


Sample curl command: Add application type Vault 
curl --insecure -X PUT -b 


"pum_rest_auth=eJzj8ExJzSvJLKlkyOd0LC3JCMnPTs1jK GbJS8xNZU1Myc3My+TIzEtMLsksS+3j8GQrKS5JzC1oPfZ1B1sxd1Fqbn5JanxGf 
nEJQzFnQWpgEZegtkV1QpFtQmptS VpyTWmxoVFxgqFthZ.qJrmMgSlJ+TCjS9CEgxajGg8CG2MQDdEZyZnpdY UlqUylDFXJyZ3sjAWn5+w 
ppVqRf01//7Wmnb9E32iuK28+Vv4V 1d/yJ4r3hN7fbXhMZbJr6duwPmgQTegU9+TkWuGN9u0k55rDrm82Ww91Utr4+ kippMHOhRuXhFIXGz 
mdmdt4WS2U/eXrRdZ6mbr7qpSIBm19PBXtXmVbRNWzTvYcm+x4JO3unx3nLyNk+6V1JO7 VsWUmSKit3A 1zwoGTwOPPz0d190+f0b+eq 
80AwMA/KuD6g==" -H Cache-Control: no-cache -H Content-Type:application/json -d '{ 
"Vault": { 
"name": "DOM-APP10_SAP", 
"type": "application", 
"CFG": { 
"PasswdPolicyld": "1", 
"Subtype": "SAP", 
"Connect": { 

"host": "192.168.1.100", 

"port": 3309, 

"secure": 1, 

"Script": "# Sample perl script for Password Reset of a user on SAP system\n\n## global variables\nmy $retVal = 1;\nmy $OS = 
$AO;\n\nmy $cmd_output = \"\";\n\n## arguments\nmy $host = $args->arg(\"host\");\nmy $systemNumber = 
$args->arg(\"systemNumber\");\nmy $clientNumber = $args->arg(\"clientNumber\");\nmy $lang = $args->arg(\"lang\");\nmy $admin = 
$args->arg(\"adminName\");\nmy $adminPasswd = $args->arg(\"adminPasswd\");\nmy $user = $args->arg(\"userName\");\nmy $userPasswd = 
$args->arg(\"userPasswd\");\n\n# Set passwords as environment variables\n$ENV {ADMIN_PASSWD} = 
$adminPasswd;\n$ENV {USER_NEW_PASSWD} = $userPasswd;\n\n$ctx->log_info(\"*** START SAP PASSWD 
RESET\");\n$ctx->log_info(\"*** Privileged Account Manager running on the OS $OS\");\n$ctx->log_debug(\"SAP System input parameters : 
SAP Host - $host :: System Number - $systemNumber :: Client Number - $clientNumber :: Language :: $lang :: admin - $admin :: user - $user 
\");\n$ctx->log_info(\"Resetting the password of the SAP user $user ...\");\n\n## validate inputs\nif ($host eq \"\" or $systemNumber eq \"\" or 
$clientNumber eq \"\" or $admin eq \"\" or $adminPasswd eq \"\" or $user eq \"\" or $SuserPasswd eq \"\") {\n $ctx->log_error(\"Incomplete 
inputs - following parameters are mandatory - SAP host, systemNumber, clientNumber, admin, adminPasswd, userName and userPasswd.\");\n 
return 0;\n}\n\n# set default language\nif ($lang eq \"\") {\n $lang = \"EN\";\n}\n\n# Execute the java command for password reset\nif ($OS =~ 
\"AMSWin\") {\n $cmd_output = ‘java -jar \"C:/\\"Program Files\\\"/NetIQ/npum/service/local/cmdctrl/lib/NPUM_SAP_api.jar\" $host 
$systemNumber $clientNumber $lang $admin $user’;\n} else {\n $cmd_output = -ADMIN_PASSWD=$adminPasswd 
USER_NEW_PASSWD=$userPasswd java -jar /opt/netiq/npum/service/local/cmdctrl/lib/ NPUM_SAP_api.jar $host $systemNumber 
$clientNumber $lang $admin $user’;\n}\n\nif ($? != 0) {\n  $ctx->log_error(\"Password reset for the user $user failed.\");\n $retVal = 0;\n} else 
{\n $ctx->log_info(\"Succesfully resetted the password of the SAP user $user .\");\n}\n\n$ctx->log_debug(\"Command execution output as 


below : \n $cmd_output \");\n\n$ctx->log_info(\"*** END SAP PASSWD RESET\");\nreturn $retVal;\n", 

"ScriptArgs": { 
"lang": "EN", 
"clientNumber": "500", 
"systemNumber": "00" 

} 

} 
} 


} 
Y ‘https://164.99.162.101/rest/prvcrdvlt/Vault' 


Sample curl command: Add database type Vault 
curl --insecure -X PUT -b 
"pum_rest_auth=eJzj8ExJzSvJLKlkyOd0LC3JCMnPTs1jKGbJS8xNZU1Myc3My+TIzEtMLsksS+3j8GQrKS5JzC1oPfZ1B1sxd1Fqbn5JanxGf 
nEJQzFnQWpgEZgtkV1QpFtQmptS VpyTWmxoVFxgqFthZqJrmMgSlJ+TCjS9CEgxaj Gg8CG2MQDdEZyZnpdY UlqUyIDFXJyZ3sjAWn5+w 
pp VqRf01//7Wmnb9E32iuK28+Vv4V 1d/yJ4r3hN7 fb XhMZbJr6duw PmgQTegU9+TkWuGN9uO0k55rDrm82Ww91Utr4+kippMHOhRuXhFIXGz 
mdmdt4WS2U/eXrRdZ6mbr7qpSIBm19PBXtXmVbRNW2zTvYcm+x4JO3unx3nLyNk+6VrJO7VsWUmSKit3A 1zwoGTwOPPz0d190+f0b+eq 
80AwMA/KuD6g==" -H Cache-Control: no-cache -H Content-Type:application/json -d '{ 
"Vault": { 
"name": "Oracle_database", 
"type": "database", 
"CFG": { 
"PasswdPolicyld": 1, 
"ConnectString": { 
"value": "(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(Host=192.168.1.200)(Port=1521))(CONNECT_DATA=(SID=orcl)))" 
} 
"ConnectAs": { 
"value": 1 
}, 
"Connect": { 
"delegate": 0 
} 
} 
} 


}' ‘https://164.99.162.101/rest/prvcrdvlt/Vault' 


Sample curl command: Add shared key type Vault 
curl --insecure -X PUT -b 


"pum_rest_auth=eJzj8ExJzSvJLKlkyOd0LC3JCMnPTs1jKGbJS8xNZU1Myc3My+TIzEtMLsksS+3j8GQrKS5JzC1oPfZ1B1sxd1FqbnSJanxGf 
nEJQzFnQWpgEZgtkV1QpFtQmptS VpyTWmxoVFxgqFthZqJrmMgSlJ+TCjS9CEgxaj Gg8CG2MQDdEZyZnpdY UlqUyIDFXJyZ3sjAWn5+w 
ppVqRf01//7Wmnb9E32iuK28+Vv4 V 1d/yJ4r3hN7fb XhMZbJr6duW PmgQTegU9+TkWuGN9u0k55rDrm82 Ww91Utr4t+kippMHOhRuXhFIXGz 
mdmdt4WS2U/eXrRdZ6mbr7qpS!1Bm19PBXtXmVbRNWzTvYcm+x4JO3unx3nLyNk+6VrJO7 VsWUmSKit3A 1zwoGTwOPPz0d190+f0b+eq 
80AwMA/KuD6g==" -H Cache-Control: no-cache -H Content-Type:application/json -d '{ 
"Vault": { 
"name": "DOM-SSH-KEY-10", 
"type": "key", 
"CFG": { 
"Subtype": "SSH Key", 
"multiuser": 1 
b 
} 
Y ‘https://164.99.162.101/rest/prvcrdvlt/Vault' 


12) Add or Modify Credential 


Syntax: PUT /rest/prvcrdvlt/Credential 
PUT /rest/prvcrdvlt/Credential/<id> 


Mandatory parameters: 
vault - id of the vault to which the credential is being added 


account - name of the credential 

type - 'passwd' or 'ssh_pkey', default is ‘passwd' 

limit - Applicable to shared keys only. If the key domain is of multiuser type, 
then the integer value can be set which determines the key usage limit. 


Optional parameters: 
id - id of the credential that is to be modified. The id could be set in the payload 


as well for modify operation. When no id is passed, it would be add operation. 
anon - applicable for LDAP credential only. Set the credential as Anonymous LDAP user. Value can be 0 or 1. 
userdn - applicable for LDAP credential only. Set the DN of the credential, e.g. cn=admin,ou=users,o=myCompany 


Sample curl command: Add SSH credential with password 


curl --insecure -X PUT -b 
"pum_rest_auth=eJzj8ExJzSvJLKlkyOd0LC3JCMnPTs1jKGbJS8xNZU 1Myc3My+TIzEtMLsksS+3j8GQrKS5JzC1oPfZ1B1sxd1Fqbn5JanxGf 
nEJQzFnQWpgEZgtkV1QpFtQmptS VpyTWmxoVFxgqFthZqJrmMgSlJ+TCjS9CEgxajGg8CG2MQDdEZyZnpdY UlqUyIDFXJyZ3sjAWn5+w 
pp VqRf01//7Wmnb9E32iuK28+v4 V 1d/yJ4r3hN7fb XhMZbJr6éduW PmgQTegU9+TkWuGN9u0k55rDrm82 Ww91Utr4t+kippMHOhRuXhFIXGz 
mdmdt4WS2U/eXrRdZ6mbr7qpS!1Bm19PBXtXmVbRNWzTvYcm+x4JO3unx3nLyNk+6VrJO7 VsWUmSKit3A 1zwoGTwOPPz0d190+f0b+eq 
80AwMA/KuD6g==" -H Cache-Control: no-cache -H Content-Type:application/json -d '{ 
"Credential": { 
"vault" : "48784d7c-d5al-4d0f-b8dc-13347f4a0e9f", 
"account": "root", 


"type": "pkey", 
"PCD": { 
"passwd": "abcd" 


} 


} 
}' --verbose ‘https://164.99.162.101/rest/prvcrdvlt/Credential' 


Sample curl command: Add SSH credential with private key 


curl --insecure -X PUT -b 
"pum_rest_auth=eJzj8ExJzSvJLKlkyOd0LC3JCMnPTs1jKGbJS8xNZU 1Myc3My+TIzEtMLsksS+3j8GQrKS5JzC1oPfZ1B1sxd1Fqbn5JanxGf 
nEJQzFnQWpgEZgtkV1QpFtQmptS VpyTWmxoVFxgqFthZqJrmMgSlJ+TCjS9CEgxaj Gg8CG2MQDdEZyZnpdY UlqUylDFXJyZ3sjAWn5+w 
ppVqRf01//7Wmnb9E32iuK28+v4 V 1d/yJ4r3hN7fb XhMZbJr6duW PmgQTegU9+TkWuGN9u0k55rDrm82 Ww91Utr4t+kippMHOhRuXhFIXGz 
mdmdt4WS2U/eXrRdZ6mbr7qpS1Bm19PBXtXmVbRNWzTvYcm+x4JO3unx3nLyNk+6VrJO7 VsWUmSKit3A 1zwoGTwOPPz0d190+f0b+eq 
80AwMA/KuD6g==" -H Cache-Control: no-cache -H Content-Type:application/json -d '{ 
"Credential": { 

"vault": "48784d7c-d5a1-4d0f-b8dc-13347f4a0e9f", 

"account": "root2", 

"type": "ssh_pkey", 

"PCD": { 

"pkey": "-----BEGIN RSA PRIVATE KEY-----\\nProc-Type: 4,ENCRYPTED\\nDEK-Info: AES-128- 
CBC,CD03D96742618AB5298EC90E12BE4A 1A\\n\\nQZHu49mdFB1FFkD3VRrOL9m9S VIrIMI6C2EIdjuHS3a69prO4B Y Fi7CkiSLOcxgR\\ 
npNLYizEJgPO7NPI0VakqR3UFsxheegkFKP2TQ9A OcIM4Hiym9 Y Z98qra Yvy V£N8h\\nJiqsj+6H VysW Y x/EUGMyEw38bQY EcwSLCD6C+i 
U7rAczSvVORLKffYoWMZY 8FO92 V\\nWhoa6GWS5RNgqzvTJNo3P75SARzXSV Ws+0al6Wnm9cD4X 66tHwQOBcaeUIa5x8Q8a\\nDxX9LX 
r/1xPat+AlmLtliwj+koCWmNKsyhl8MmQi8ihngv4/kmy7LW5w1PKj0qFyt\\nX/7Z+KHSiHWWd7exog Y ODge4wfC8SudmP 11rE+FFEkDjSc2 
EXNwpkQ1rljP9SjjD\\nzV Y NHaRkIFzp/tWPby Y2XA5WS94eSRZpObk VODpZFBbC1Rfk368BQHSNRCMS8HiIcs\\nLNemRzAmtMcFQxWH 
FE8VAaxDZ26YJQbRCQ+cdeE Ypns2ixUUAGc+uzcVxNhxO+sJ\\nHXssUGEOqMhLcXbXvLZ4cEpk7fp5hB22JT4+gGafR+WaWzgDfHQh8 
A1FLHuckKgxR\\nh7nVSzhRPi6I+DdQ5C2+FyuRpgx2+Ra+6JqOmcSLEgkNOBEhAO1HGxnXAPSiRyDv\\nzt+oCISSHbeY TJx YruwKSSp/Y 
TN5cS6TuhAOY H5vWbsmV8QWL18HN4eJkgQ7gkle4\\ntRSEF8AH2Y Y DRPx/NvsfX2UbMwV+TwcKoQhoRZtnzM03se05tGwBKHg7HTg 
VIIQC\\nJqzfDcXb7JST+gyleL85tqCzrDA+Kclvjb2uGmRIJerouH1Df1j2kMIqCu0A9Chy\\n4IcfvBy21qi5L7BURe YcUr3b0hnQacX yrg6JS5H 
JIV2AU703KNLp5SAV7+wdZ53Fn\\npytDNeuTkTyK75sd1gsjOGYkc Yi8r7ifaAdNHNc554/p6P9WEZDHX PCOAmp5Ws8W\\n6psxmngOw9fN 
B6FfrxCA6uklejxJUOuPsCK/qxIrEDUH1PLLtFkA 8stcW1Y 1Hrgz\\nefow4U1V +lpby7T2AVFGvM29W4yJsith/39kNJWtSJgHc6h31zVd2NO 
Arrbz4BNO\\npoKAhFx8ShaFTdgL3nk6CejsH80MbDY +jszuHjLdjBC4Zk+dj19NBbr/8j6XZAWw\\nr/BRcys9BqrLanynHlVSjHaaJGcqgny8c 
Z9CEBI2s+49kx1sBqatfh7LSBc11Kb2\\n/Y cssFmzDRTCC1LLirHMZUp1klioVsvweiV Y5USBs/F7/RSH1nE 1rdePptJpZI9L\\neyn8giirl5JVAB 
dCQ6Mq7f5J/+fYkBnWv8lyOKf6wF8Rulzyet83ts4 VyNOPNZJt\\nirbT XrB57VHZZY dKFs/Z+M4C4snDyub8seY K6fCng4BtgCEX Wmt8bgvd 
BUqH2K6H\\nWVHOJ3CojRg7qfQJuFSN8Vc7SZxsJ30sxLEASsoSBT4dolIAPKKJ4Ibv6uFyEyIGC\\n2eoL3XHdD8ikoPrFb8sBO7Lny7DbZ5 
a09HwM+0D4akz0ty7my8Ary RfmN9oix9vl\\nohqTsLXKnRLOTgkUw9rSv12xlLmxbqpO YtQQa9p+/GTOOSQBmk7+0Rev81ZY N+ti\\n----- 
END RSA PRIVATE KEY-----", 

"passphrase": "Mypassword" 


} 


} 
}' --verbose ‘https://164.99.162.101/rest/prvcrdvlt/Credential' 


Sample curl command: Modify a credential 
curl --insecure -X PUT -b 
"pum_rest_auth=eJzj8ExJzSvJLKlkyOd0LC3JCMnPTs1jKGbJS8xNZU 1Myc3My+TIzEtMLsksS+3j8GQrKS5JzC1oPfZ1B1sxd1Fqbn5JanxGf 
nEJQzFnQWpgEZgtkV1QpFtQmptS VpyTWmxoVFxgqFthZqJrmMgSlJ+TCjS9CEgxaj Gg8CG2MQDdEZyZnpdY UlqUylDFXJyZ3sjAWn5+w 
ppVqRf01//7Wmnb9E32iuK28+v4 V 1d/yJ4r3hN7fb XhMZbJr6duW PmgQTegU9+TkWuGN9u0k55rDrm82Ww91Utr4t+kippMHOhRuXhFIXGz 
mdmdt4WS2U/eXrRdZ6mbr7qpS!1Bm19PBXtXmVbRNWzTvYcm+x4JO3unx3nLyNk+6VrJO7 VsWUmSKit3A 1zwoGTwOPPz0d190+f0b+eq 
80AwMA/KuD6g==" -H Cache-Control: no-cache -H Content-Type:application/json -d '{ 
"Credential": { 
"id" : "7fcb7cc0-688a-4eb0-a4e5-cc9f46f4431a", 
"account": "root", 


"PCD": { 
"passwd": "abcd1234" 
} 


} 
}' ‘https://164.99.162.101/rest/prvcrdvlt/Credential' 


Sample curl command: Adding LDAP/Windows Credential 
curl --insecure -X PUT -b 
"pum_rest_auth=eJzj8ExJzSvJLKIkyOd0LC3JCMnPTs1jKGbJS8xNZU 1Myc3My+TIzEtMLsksS+3j8GQrKS5JzC 1loPfZ1B1sxd1Fqbn5JanxGf 
nEJQzFnQWpgEZgtkV1QpFtQmptS VpyTWmxoVFxgqFthZqJrmMgSlJ+TCjS9CEgxaj Gg8CG2MQDdEZyZnpdY UlqUylIDFXJyZ3sjAWn5+w 
pp VqRf01//7Wmnb9E32iuK28+Vv4V 1d/yJ4r3hN7 fb XhMZbJr6éduw PmgQTegU9+TkWuGN9uO0k55rDrm82Ww91Utr4+kippMHOhRuXhFIXGz 
mdmdt4WS2U/eXrRdZ6mbr7qpSIBm19PBXtXmVbRNWzTvYcm+x4JO3unx3nLyNk+6VrJO7VsWUmSKit3A 1zwoGTwOPPz0d190+f0b+eq 
80AwMA/KuD6g==" -H Cache-Control: no-cache -H Content-Type:application/json -d '{ 
"Credential": { 
"vault": "9386dbf0-868a-41dd-9ad7-c54a37deaf9c", 
"account": "admin", 
"type": "passwd", 
"PCD": { 
"passwd": "abcd123" 
}, 
"CFG": { 
"anon": "0", 
"userdn": "cn=admin1,ou=sa,o=system" 
} 


} 
Y ‘https://164.99.162.101/rest/prvcrdvlt/Credential' 


Sample curl command: Adding key in shared key domain 
curl --insecure -X PUT -b 
"pum_rest_auth=eJzj8ExJzSvJLKlkyOd0LC3JCMnPTs1jKGbJS8xNZU1Myc3My+TIzEtMLsksS+3j8GQrKS5JzC1oPfZ1B1sxd1Fqbn5JanxGf 
nEJQzFnQWpgEZgtkV1QpFtQmptS VpyTWmxoVFxgqFthZqJrmMgSlJ+TCjS9CEgxaj Gg8CG2MQDdEZyZnpdY UlqUyIDFXJyZ3sjAWn5+w 
pp VqRf01//7Wmnb9E32iuK28+v4 V 1d/yJ4r3hN7fb XhMZbJr6duW PmgQTegU9+TkWuGN9u0k55rDrm82 Ww91Utr4t+kippMHOhRuXhFIXGz 
mdmdt4WS2U/eXrRdZ6mbr7qpS!1Bm19PBXtXmVbRNWzTvYcm+x4JO3unx3nLyNk+6VrJO7 VsWUmSKit3A 1zwoGTwOPPz0d190+f0b+eq 
80AwMA/KuD6g==" -H Cache-Control: no-cache -H Content-Type:application/json -d '{ 
"Credential": { 
"vault": "ed851226-efad-47e8-9444-5527e18db6fd", 
"CFG": { 
"limit": 10 
}, 
"PCD": { 
"pkey": "private key", 
"passphrase": "abcd" 


"type": "ssh_pkey", 
"account": "sshKey2" 


} 
Y ‘https://164.99.162.101/rest/prvcrdvlt/Credential' 


13) Delete a Credential 


Syntax: DELETE /rest/prvcrdvlt/Credential/<id> 


Mandatory parameters: 
id - id of the Credential object to be deleted 


Sample curl command: 
curl --insecure -X DELETE -b 


"pum_rest_auth=eJzj8ExJzSvJLK]kyOd0LC3JCMnPTs1jK GbJS8xNZU1Myc3My+TIzEtMLsksS+3j8GQrKS5JzC1loPfb4kF8xd1Fqbn5JanxGf 
nEJQzFnQWpgEZgtnl1QliVWpyhISRTpJeX X5aak60 XnJ+byBK UnSMKNLwISDFqMaDwIZYxAJORnJmel1hSWpTKUMVcnJneyNBz8PW 
NLRntZ681VAn9//JTOu2pIM3vylrVSSMahCWeuyctzEux Yp6jq2F24fTORLGkmeftfre4nHsmHnB+q8PHpp1ly6pFxFwyD2XvebBZs+2fhVDIxs 
pbFNMMjidknRcd3z+O2xs2Gu2pkN4ll+JvxC8zvX1B8zvzdyyVLNO//x7RqcemM9CqmzBQRVvyY WreV Y weBp4/JnpvOz2+TPy13t1GBgA5++ 
CCQ==" -H "Cache-Control: no-cache" -H "Content-Type:application/json" https://164.99.162.101/rest/prvcrdvlt/Credential/67 1de945-a595- 
4556-98a6-25d685c638e8 


14) Delete a Vault 


Syntax: DELETE /rest/prvcrdvlt/Vault/<id> 


Mandatory paramters: 
id - id of the Vault object to be deleted 


Sample curl command: 
curl --insecure -X DELETE -b 


"pum_rest_auth=eJzj8ExJzSvJLKlkyOd0LC3JCMnPTs1jK GbJS8xNZU1Myc3My+TIzEtMLsksS+3j8GQrKS5JzC1loPfZ4K Wsxd1Fqbn5JanxG 
fnEJQzFnQWpqEZgtnl1QUiVWpyhl5RTpJex X5aak60 XnJ+byBKUnSMKNLwISDFqMaDwIZYxAJORnJmel1hSWpTKUMVcnJneyJAx6wj7 
C6vCk9LR5akcc27cCdFpyphnIVK47KaM6NZ/cT1LuGrjBK ZtlhaRf5tsX pUm+b7hmO ye8w9i53Rmu/UuP3yYqb/yvmL 7ryimUp9fU/POM2+5/ 
cN/TsfKoscROrxpvxRb112mufu9ndpjLD3XpUdtW4rw/SXTq58Ht0x3jwj42m9mWMWUmSKit3A 1zwoGTwOPPz0d190+f0b+eq30AwMAew 
yAkg==" -H "Cache-Control: no-cache" -H "Content-Type:application/json" https://164.99.162.101/rest/prvcrdvlt/Vault/39031fa3-b647-46f2- 
bOad-76c288228a6 


Note: For more information on other REST APIs, contact the support team. 


